CVE-2025-14799: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in neeraj_slit Brevo – Email, SMS, Web Push, Chat, and more.
The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling.
AI Analysis
Technical Summary
The Brevo WordPress plugin suffers from an authorization bypass vulnerability caused by PHP type juggling in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. The plugin uses loose comparison (==) to validate the installation ID, which allows an attacker to send a boolean true value for the `id` parameter and bypass authorization. Exploiting this flaw, an unauthenticated attacker can disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings. The vulnerability affects all versions up to and including 3.3.0. The CVSS v3.1 base score is 6.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and high availability impact.
Potential Impact
An unauthenticated attacker can bypass authorization controls to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings. This results in loss of plugin functionality and potential denial of service for email, SMS, web push, and chat features provided by the plugin. There is no direct confidentiality impact reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the vulnerable REST API endpoint if possible and monitor for suspicious requests targeting `/wp-json/mailin/v1/mailin_disconnect`. Avoid exposing this endpoint publicly or implement additional access controls as a temporary mitigation.
CVE-2025-14799: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in neeraj_slit Brevo – Email, SMS, Web Push, Chat, and more.
Description
The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Brevo WordPress plugin suffers from an authorization bypass vulnerability caused by PHP type juggling in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. The plugin uses loose comparison (==) to validate the installation ID, which allows an attacker to send a boolean true value for the `id` parameter and bypass authorization. Exploiting this flaw, an unauthenticated attacker can disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings. The vulnerability affects all versions up to and including 3.3.0. The CVSS v3.1 base score is 6.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and high availability impact.
Potential Impact
An unauthenticated attacker can bypass authorization controls to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings. This results in loss of plugin functionality and potential denial of service for email, SMS, web push, and chat features provided by the plugin. There is no direct confidentiality impact reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the vulnerable REST API endpoint if possible and monitor for suspicious requests targeting `/wp-json/mailin/v1/mailin_disconnect`. Avoid exposing this endpoint publicly or implement additional access controls as a temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-12-16T19:50:41.434Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6995a2d880d747be206547e8
Added to database: 2/18/2026, 11:30:32 AM
Last enriched: 4/9/2026, 9:53:20 AM
Last updated: 5/22/2026, 5:44:54 PM
Views: 368
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.